Study on PMI based access control of substation automation system

Access control with strong authentication becomes crucial for the mission critical and safety critical operation of the substation automation system. According to IEC 61850, access control is needed when the user access to functions or the related LNs, especially to operational functions. But the standard only defines a simple way to resolve the access control problem without strong authentication process, and the mechanisms at the client side like privilege management are also outside its scope. To resolve these problems, a privilege delegation model of substation management and an access control system are designed. The PMI attribute certificate is used by user to assert the privilege to IEDs, and an access security agent is act as a proxy to verify the user's privilege. The special cipher chip authorized by National Cipher Management Office of China is used to implement the cryptographic computation. On the analysis of computation frequency, this design can meet the real-time demands of substation operation.